Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

suraj.sun sends this excerpt from CNET:
"Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned. The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets. Unlike Google and Skyhook Wireless, which have compiled similar lists of these unique Wi-Fi addresses, Microsoft has not taken any measures to curb access to its database."

Isn't this similar to what Google is being sued over? Though Google didn't make it publicly available and came forth stating they goofed, they still are in court over the WiFi info collection incident. Where do we sign up for the Class Action against M$?!

How could it be the same? Google accidentally captured packets. Microsoft simply captured location / MAC address (which was what Google was supposed to be doing). Google got sued in multiple places because of the packet capture. It is not even remotely the same.

Ignore the idiot who doesn't know where his shift key is. It's not the same. Most wireless networks broadcast a beacon signal that informs nearby receivers the name of the network and other information. Triangulating this signal which is public in its very nature is neither illegal nor unethical.

Google was capturing the packets being broadcast within the networks themselves by other clients. So a system authenticating with a server in plain text (which happens too often) would have the authenticating information (user/password) intercepted. Depending on the view one takes of open networks, this probably violates the Electronic Communications Privacy Act, or at least its spirit.

how do you authenticate in plain text over wireless? sure WEP is crackable, but not clear text and requires the capture a lot of packets.Do you mean people using a public unsecured wireless AP and authenticating to some web site over http (not https) ? hmmmSo if I am walking down a street taking photos and people have posters with their credit card details hanging, I am breaching their rights? No, they are advertising their information.

All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).

If you use the free WiFi at starbucks, I can record your MAC address. Now, since your phone or other devices in your vicinity send the positions of your MAC address to Microsoft if you are using WiFi , I can query their database and it gives my your position. Depending on how often and fast it gets updated and how often you use WiFi, I can track you (assuming that there are a lot of people using microsoft phones where you are).

Where in Europe? When I was in Italy last October, WP7 was the single most common smartphone I saw on the streets, and every billboard was plastered with Italy's national telecom operator advertising it. (disclaimer: I work at MS).

I see you on the street and decide to target you, I sniff some packets and learn your MAC address. I then use this MAC address to find where you are/have been/will be. The point is the connection between you and a set of MAC addresses is random but pretty static which can then be indexed to learn a lot about your locations.

Your MAC address can be divined through online interactions with people. It's feasible that the boogeyman called the cyber stalker could use this information to find you physically. This news is far more worrying than themobile devices that kept a local cache of locations you had been. Most of the hand wringing surrounding that were that someone could get your phone and discover your movement patterns. In that case, someone would have to be physically by you anyway to get your phone. This allows someone [th

Exactly! If this same information was given about medications it would pass the HIPAA test. There really is nothing to see here.

Are you sure? HIPAA says:

Protected health information (PHI) under HIPAA includes any individually identifiable health information. Identifiable refers not only to data that is explicitly linked to a particular individual (that's identified information). It also includes health information with data items which reasonably could be expected to allow individual identification.

And since this database effectively turns a MAC address into a street address plotted on a map, if you had a paper with a prescription with their home access point's MAC address, I think that would be protected under HIPAA, just like if it had their home address rather than MAC address.

All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).

Or, if I know my ex-gf's phone's or home access point's MAC address, I could find out where she moved when she told me to leave her alone and stopped answering my phone calls and emails. Makes it easier to pay her a surprise visit and convince her to take me back. Once she sees that I tracked her down and followed her halfway across the country to sit at her doorstep and wait for her to come home, she'll be bound to want me back. Fortunately, the MAC was captured from her phone while she was at work and at he gym, so I can always meet her in one of those places if she spots me at her house.

Once she sees that I tracked her down and followed her halfway across the country to sit at her doorstep and wait for her to come home, she'll be bound to want me back. Fortunately, the MAC was captured from her phone while she was at work and at he gym, so I can always meet her in one of those places if she spots me at her house.

Thanks microsoft, what a great service!
Maybe one would be able to go even a step further. - Not that you have to, your plan is so romantic that I can't imagine any woman not wanting you back. - But just for curiosity, one could check what other MAC address has a similar movement pattern, goes to the movies with her, a restaurant for 73 minutes, and then stays at her place till 7am.

The mobile data network is different from WiFi. Even if a MAC address (in the conventional sense) is used for assigning IP addresses (which I doubt -- not even IPV6 is sufficient reason for VZW (et cetera) to not NAT the hell out of everything), that MAC will not be the same as the WiFi adapter.

All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).

I suspect there's one or two employers that would be tempted to search for "which of my employees are having affairs with each other" (which pairs of phones occasionally spend the night in the same location). Other searches like "who's interviewed at our competitors?", "who's potentially got an alcohol problem (phone is frequently in the pub)", "who's got medical issues", etc, would also be very possible.

It would be nice if devices had the ability to limit the GPS accuracy for all applications. Something that would allow them to return circular (Spherical?) regions that are defined to fall on a LAT/LON boundry so it doesn't place you in the center of the circle. Have the lowest region be exact LAT/LON, then 100 meters, 1km, 10km, 100km and off.
This would only be helpful if the device itself did it to prevent companies with no common sense from doing this.

In case MS does take theirs down, don't forget the biggest and oldest community-built database of wireless networks: Wigle.net [wigle.net]

Long before MS, Google, or Skyhook wardrivers have been working in concert on their own time and dime to contribute over 40 million geolocated networks worldwide. A few thousand of those were first done by me in fact, though I haven't contributed in years.

The only difference is that MS are letting us see what they have. Google have collected the same data and more. (And bear in mind anyone with a fleet of vans could do the same). When it comes to violating my privacy, I don't think I have more faith in any of these companies than I do in random strangers on the internet.

In fact it works pretty well, well enough for their purposes. They don't need enough precision to drop a bomb on you, rather they need just enough to know what neighborhood you're in, so they can target you with ads for local pizza joint you may not have heard of.
Also, I have an iPad with a cell radio and WiFi, and the location feature works better with both radios enabled than with either one separately. With both enabled the locator is often accurate enough to nail what parking spot my car is in.

In fact it works pretty well, well enough for their purposes. They don't need enough precision to drop a bomb on you, rather they need just enough to know what neighborhood you're in, so they can target you with ads for local pizza joint you may not have heard of.

Or region-lock DRMed content against you.

Coming soon: laws requiring content providers to filter access based on location of the recipient, such as not serving pornographic content to computers on school property. Like the "drug free zone" around schools, except it's a "porn free zone", and it's mapped out on Google.

Because if such databases are built, considered accurate enough, and are freely accessible, you're going to be expected to check against them as due diligence.

Ooo, very nasty. I had not considered that application. But yeah, the accuracy is good enough that sport teams could for instance disable streaming of live feeds of their games within the home city if the game isn't sold out. Or charge you to watch it while letting people elsewhere continue to watch it free.

Cell tower triangulation is pretty poor when done with on your phone. You'll only be able to pin your location within a few blocks. In an urban area, a few wifi hotspots will pin you within 100m fairly easily. Especially since wifi doesn't travel very far, just finding a known wifi signal is enough to know you're within about 100m of it. Especially handy indoors, eg a mall or at home, where you'll have those known locations.

Remember the big issue where the iphone cached known locations? That was a really ni

To some degree. It's not all that accurate. Where I live - in a rural town of about 6,000, my IP shows me as being about 50 miles away. If you live in a major city, you can get more than a city name with other forms of geolocation - you can get a neighborhood.

If I go to Google (logged in) and type plumber - I get the ones that are near where my profile says I am, and not where my IP says I am. It's a lot more useful. Plus, Google Maps on my iPod touch always shows me where I am almost to the street int

Sounds like a burglar's christmas wish come true. Assuming the burglar doesn't post his actions to facebook, I think the privacy implications for this are far worse than what Google's streetview has done.

Depends whether the burglar has a phone giving location info to Microsoft. Then it becomes a local police department's IT team's dream come true. Fingerprints that point to where he was when, which can be aligned with a matrix of known burglaries, and now he's plausibly connected to other crimes. Unfortunately, for them to catch this one burglar, they'll have to start tracking all of us all the time, and someone will wise up enough to steal someone else's phone and carry it to several crime scenes... I'l

It sounds like we're due for a protocol change where these addresses are updated to prevent long-term tracking. Give the operator the choice of static or randomized. Some work would have to be done to ensure devices would continue to correctly identify a network they've previously connected to. But some of those details ignored, I think everyone gets my point here. The thing here is which I don't get is that the broadcast id of these routers isn't typically available to anyone intercepting your IP traffic. So this database won't help someone find you unless your machine has been compromised. Perhaps one solution is to have network hardware watch for the Ids but hide them from the OS. That would prevent a compromised machine from revealing its location while at the same time allowing for the broadcast Id to useful for assisted GPS. I'd be a little sad if we lost the awesome navigational benefits due to privacy concerns without first considering protocol/implementation fixes to address the concerns.

One great example is indoor maps. You can get maps for the inside of a mall now as part of your smartphone's map app. You just zoom in on the mall and it turns into an indoor map. Without the wifi, you're not going to have an accurate location marker inside.